Abstract

We present a PSPACE algorithm that decides satisfiability of the graded modal logic $Gr(K_{\mathcal{R}})$ — a natural extension of propositional modal logic $K_{\mathcal{R}}$ by counting expressions — which plays an important role in the area of knowledge representation. The algorithm employs a tableaux approach and is the first known algorithm which meets the lower bound for the complexity of the problem. Thus, we exactly fix the complexity of the problem and refute an EXPTIME-hardness conjecture. We extend the results to the logic $Gr(K_{\mathcal{R}^{-1}_{\cap}})$, which augments $Gr(K_{\mathcal{R}})$ with inverse relations and intersection of accessibility relations. This establishes a kind of "theoretical benchmark" that all algorithmic approaches can be measured against.

Keywords: Modal Logic, Graded Modalities, Counting, Description Logic, Complexity. 



1 Introduction 



Propositional modal logics have found applications in many areas of computer science. Especially in the area of knowledge representation, the description logic (DL) $\mathcal{ALC}$, which is a syntactical variant of the propositional (multi-)modal logic $K_{\mathcal{R}}$ [Sch91], forms the basis of a large number of formalisms used to represent and reason about conceptual and taxonomical knowledge of the application domain. The graded modal logic $Gr(K_{\mathcal{R}})$ extends $K_{\mathcal{R}}$ by graded modalities [Fin72], i.e., counting expressions which allow one to express statements of the form "there are at least (at most) $n$ accessible worlds that satisfy ...". This is especially useful in knowledge representation because (a) humans tend to describe objects by the number of other objects they are related to (a stressed person is a person given at least three assignments that are urgent), and (b) qualifying number restrictions (the DL's analogue for graded modalities [HB91]) are necessary for modeling semantic data models [CLN94].



$K_{\mathcal{R}}$ is decidable in PSPACE and can be embedded into a decidable fragment of predicate logic [AvBN98]. Hence, there are two general approaches for reasoning with $K_{\mathcal{R}}$: dedicated decision procedures [Lad77, SSS91, GS96], and the translation into first order logic followed by the application of an existing first order theorem prover [OS97, Sch97]. To compete with the dedicated algorithms, the second approach has to yield a decision procedure and it has to be efficient, because the dedicated algorithms usually have optimal worst-case complexity. For $K_{\mathcal{R}}$, the first issue is solved and, regarding the complexity, experimental results show that the algorithm competes well with dedicated algorithms [HS97]. Since experimental results can only be partially satisfactory, a theoretical complexity result would be desirable, but there are no exact results on the complexity of the theorem prover approach.

This paper appeared in the Journal of Logic and Computation, Vol. 10 No. 99-47, pp. 1-22 2000.

The situation for $Gr(K_{\mathcal{R}})$ is more complicated: $Gr(K_{\mathcal{R}})$ is known to be decidable, but this result is rather recent [HB91], and the known PSPACE upper complexity bound for $Gr(K_{\mathcal{R}})$ is only valid if we assume unary coding of numbers in the input, which is an unnatural restriction. For binary coding no upper bound is known and the problem has been conjectured to be EXPTIME-hard [dHR95]. This coincides with the observation that a straightforward adaptation of the translation technique leads to an exponential blow-up in the size of the first order formula. This is because it is possible to store the number $n$ in $\log_k n$ bits if numbers are represented in $k$-ary coding. In [OSH96] a translation technique that overcomes this problem is proposed, but a decision procedure for the target fragment of first order logic has yet to be developed.

In this work we show that reasoning for $Gr(K_{\mathcal{R}})$ is not harder than reasoning for $K_{\mathcal{R}}$ by presenting an algorithm that decides satisfiability in PSPACE, even if the numbers in the input are binary coded. It is based on the tableaux algorithms for $K_{\mathcal{R}}$ and tries to prove the satisfiability of a given formula by explicitly constructing a model for it. When trying to generalise the tableaux algorithms for $K_{\mathcal{R}}$ to deal with $Gr(K_{\mathcal{R}})$, there are some difficulties: (1) the straightforward approach leads to an incorrect algorithm; (2) even if this pitfall is avoided, special care has to be taken in order to obtain a space-efficient solution. As an example for (1), we will show that the algorithm presented in [dHR95] to decide satisfiability of $Gr(K_{\mathcal{R}})$ is incorrect. Nevertheless, this algorithm will be the basis of our further considerations. Problem (2) is due to the fact that tableaux algorithms try to prove the satisfiability of a formula by explicitly building a model for it. If the tested formula requires the existence of $n$ accessible worlds, a tableaux algorithm will include them in the model it constructs, which leads to exponential space consumption, at least if the numbers in the input are not unarily coded or memory is not re-used. An example for a correct algorithm which suffers from this problem can be found in [HB91] and is briefly presented in this paper. Our algorithm overcomes this problem by organising the search for a model in a way that allows for the re-use of space for each successor, thus being capable of deciding satisfiability of $Gr(K_{\mathcal{R}})$ in PSPACE.

Using an extension of these techniques we obtain a PSPACE algorithm for the logic $Gr(K_{\mathcal{R}^{-1}_{\cap}})$, which extends $Gr(K_{\mathcal{R}})$ by inverse relations and intersection of relations. This solves an open problem from [DLNN97].

This paper is a significantly extended and improved version of [Tob99].



2 Preliminaries 

In this section we introduce the graded modal logic $Gr(K_{\mathcal{R}})$, the extension of the multi-modal logic $K_{\mathcal{R}}$ with graded modalities, first introduced in [Fin72].

Definition 2.1 (Syntax and Semantics of $Gr(K_{\mathcal{R}})$)

Let $\mathcal{P} = \{p_0, p_1, \ldots\}$ be a set of propositional atoms and $\mathcal{R}$ a set of relation names. The set of $Gr(K_{\mathcal{R}})$-formulae is built according to the following rules:

1. every propositional atom is a $Gr(K_{\mathcal{R}})$-formula, and
2. if $\phi, \psi_1, \psi_2$ are $Gr(K_{\mathcal{R}})$-formulae, $n \in \mathbb{N}$, and $R$ is a relation name, then $\neg\phi$, $\psi_1 \wedge \psi_2$, $\psi_1 \vee \psi_2$, $\langle R \rangle_n \phi$, and $[R]_n \phi$ are formulae.

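The semantics of $Gr(K_{\mathcal{R}})$-formulae is based on Kripke structures

$\mathfrak{M} = (W^{\mathfrak{M}}, \{R^{\mathfrak{M}} \mid R \in \mathcal{R}\}, V^{\mathfrak{M}})$,

where $W^{\mathfrak{M}}$ is a non-empty set of worlds, each $R^{\mathfrak{M}} \subseteq W^{\mathfrak{M}} \times W^{\mathfrak{M}}$ is an accessibility relation on worlds (for $R \in \mathcal{R}$), and $V^{\mathfrak{M}}$ is a valuation assigning subsets of $W^{\mathfrak{M}}$ to the propositional atoms in $\mathcal{P}$. For a Kripke structure $\mathfrak{M}$, an element $x \in W^{\mathfrak{M}}$ and a $Gr(K_{\mathcal{R}})$-formula, the model relation $\models$ is defined inductively on the structure of formulae:

$\mathfrak{M}, x \models p$ iff $x \in V^{\mathfrak{M}}(p)$ for $p \in \mathcal{P}$
$\mathfrak{M}, x \models \neg\phi$ iff $\mathfrak{M}, x \not\models \phi$
$\mathfrak{M}, x \models \psi_1 \wedge \psi_2$ iff $\mathfrak{M}, x \models \psi_1$ and $\mathfrak{M}, x \models \psi_2$
$\mathfrak{M}, x \models \psi_1 \vee \psi_2$ iff $\mathfrak{M}, x \models \psi_1$ or $\mathfrak{M}, x \models \psi_2$
$\mathfrak{M}, x \models \langle R \rangle_n \phi$ iff $\sharp R^{\mathfrak{M}}(x, \phi) > n$
$\mathfrak{M}, x \models [R]_n \phi$ iff $\sharp R^{\mathfrak{M}}(x, \neg\phi) \leq n$

where $\sharp R^{\mathfrak{M}}(x, \phi) := |\{y \in W^{\mathfrak{M}} \mid (x, y) \in R^{\mathfrak{M}} \text{ and } \mathfrak{M}, y \models \phi\}|$.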

The propositional modal logic $K_{\mathcal{R}}$ is defined as the fragment of $Gr(K_{\mathcal{R}})$ in which for all modal operators $n = 0$ holds.

A formula $\phi$ is called satisfiable iff there exists a structure $\mathfrak{M}$ and a world $x \in W^{\mathfrak{M}}$ such that $\mathfrak{M}, x \models \phi$.

By SAT($K_{\mathcal{R}}$) and SAT($Gr(K_{\mathcal{R}})$) we denote the sets of satisfiable formulae of $K_{\mathcal{R}}$ and $Gr(K_{\mathcal{R}})$, respectively.

As usual, the modal operators $\langle R \rangle_n$ and $[R]_n$ are dual: $\sharp R^{\mathfrak{M}}(x, \phi) > n$ means that in $\mathfrak{M}$ more than $n$ $R$-successors of $x$ satisfy $\phi$; $\sharp R^{\mathfrak{M}}(x, \neg\phi) \leq n$ means that in $\mathfrak{M}$ all but at most $n$ $R$-successors satisfy $\phi$.

In the following we will only consider formulae in negation normal form (NNF), a form in which negations have been pushed inwards and occur in front of propositional atoms only. We will denote the NNF of $\neg\phi$ by ${\sim}\phi$. The NNF can always be generated in linear time and space by successively applying the following equivalences from left to right:

$\neg(\psi_1 \wedge \psi_2) \equiv \neg\psi_1 \vee \neg\psi_2$        $\neg\langle R \rangle_n \psi \equiv [R]_n \neg\psi$

$\neg(\psi_1 \vee \psi_2) \equiv \neg\psi_1 \wedge \neg\psi_2$        $\neg[R]_n \psi \equiv \langle R \rangle_n \neg\psi$



3 Reasoning for $Gr(K_{\mathcal{R}})$

Before we present our algorithm for deciding satisfiability of $Gr(K_{\mathcal{R}})$, for historic and didactic reasons, we present two other solutions: an incorrect one [dHR95], and a solution that is less efficient [HB91].

From the fact that SAT($K_{\mathcal{R}}$) is PSPACE-complete [Lad77, HM92], it immediately follows that SAT($Gr(K_{\mathcal{R}})$) is PSPACE-hard. The algorithms we will consider decide the satisfiability of a given formula $\phi$ by trying to construct a model for $\phi$.

3.1 An incorrect algorithm

In [dHR95], an algorithm for deciding SAT($Gr(K_{\mathcal{R}})$) is given, which, unfortunately, is incorrect. Nevertheless, it will be the basis for our further considerations and thus it is presented here. It will be referred to as the incorrect algorithm. It is based on an algorithm given in [DLNN97] to decide the satisfiability of the DL $\mathcal{ALCNR}$, which basically is the restriction of $Gr(K_{\mathcal{R}})$, where, in formulae of the form $\langle R \rangle_n \phi$ or $[R]_n \phi$ with $n > 0$, necessarily $\phi = p \vee \neg p$ holds.

The algorithm for $Gr(K_{\mathcal{R}})$ tries to build a model for a formula $\phi$ by manipulating sets of constraints with the help of so-called completion rules. This is a well-known technique to check the satisfiability of modal formulae, which has already been used to prove decidability and complexity results for other DLs (e.g., [SSS91, HB91, BBH96]). These algorithms can be understood as variants of tableaux algorithms which are used, for example, to decide satisfiability of the modal logics $K_{\mathcal{R}}$, $T_{\mathcal{R}}$, or $S4_{\mathcal{R}}$ in [HM92].



Definition 3.1 

Let $\mathcal{V}$ be a set of variables. A constraint system (c.s.) $S$ is a finite set of expressions of the form '$x \models \phi$' and '$Rxy$', where $\phi$ is a formula, $R \in \mathcal{R}$, and $x, y \in \mathcal{V}$.

For a c.s. $S$, let $\sharp R^S(x, \phi)$ be the number of variables $y$ for which $\{Rxy, y \models \phi\} \subseteq S$. The c.s. $[z/y]S$ is obtained from $S$ by replacing every occurrence of $y$ by $z$; this replacement is said to be safe iff, for every variable $x$, formula $\phi$, and relation symbol $R$ with $\{x \models \langle R \rangle_n \phi, Rxy, Rxz\} \subseteq S$ we have $\sharp R^{[z/y]S}(x, \phi) > n$.

A c.s. $S$ is said to contain a clash iff for a propositional atom $p$, a formula $\phi$, and $m < n$:

$\{x \models p, x \models \neg p\} \subseteq S$ or $\{x \models \langle R \rangle_m \phi, x \models [R]_n {\sim}\phi\} \subseteq S$.

Otherwise it is called clash-free. A c.s. $S$ is called complete iff none of the rules given in Fig. 1 is applicable to $S$.

To test the satisfiability of a formula $\phi$, the incorrect algorithm works as follows: it starts with the c.s. $\{x \models \phi\}$ and successively applies the rules given in Fig. 1, stopping if a clash occurs. Both the rule to apply and the formula to add (in the $\to_\vee$-rule) or the variables to identify (in the $\to_\leq$-rule) are selected non-deterministically. The algorithm answers "$\phi$ is satisfiable" iff the rules can be applied in a way that yields a complete and clash-free c.s. The notion of safe replacement of variables is needed to ensure the termination of the rule application [HB91].

Since we are interested in PSPACE algorithms, non-determinism imposes no problem due to Savitch's Theorem, which states that deterministic and non-deterministic polynomial space coincide [Sav70].



To prove the correctness of a non-deterministic completion algorithm, it is sufficient to 
prove three properties of the model generation process: 

1. Termination: Any sequence of rule applications is finite. 

2. Soundness: If the algorithm terminates with a complete and clash-free c.s. S, then the 
tested formula is satisfiable. 

3. Completeness: If the formula is satisfiable, then there is a sequence of rule applications
that yields a complete and clash-free c.s.

$\to_\wedge$-rule: if 1. $x \models \psi_1 \wedge \psi_2 \in S$ and
             2. $\{x \models \psi_1, x \models \psi_2\} \not\subseteq S$
          then $S \to_\wedge S \cup \{x \models \psi_1, x \models \psi_2\}$

$\to_\vee$-rule: if 1. $(x \models \psi_1 \vee \psi_2) \in S$ and

          then $S \to_\vee S \cup \{x \models \chi\}$ where $\chi \in \{\psi_1, \psi_2\}$

$\to_>$-rule: if 1. $x \models \langle R \rangle_n \phi \in S$ and
             2. $\sharp R^S(x, \phi) \leq n$
          then $S \to_> S \cup \{Rxy, y \models \phi\}$ where $y$ is a fresh variable.

$\to_{\leq 0}$-rule: if 1. $x \models [R]_0 \phi, Rxy \in S$ and
             2. $y \models \phi \notin S$
          then $S \to_{\leq 0} S \cup \{y \models \phi\}$

$\to_\leq$-rule: if 1. $x \models [R]_n \phi$, $\sharp R^S(x, \phi) > n > 0$ and
             2. $Rxy, Rxz \in S$ and
             3. replacing $y$ by $z$ is safe in $S$
          then $S \to_\leq [z/y]S$

Figure 1: The incorrect completion rules for $Gr(K_{\mathcal{R}})$.



The error of the incorrect algorithm is that it does not satisfy Property 2, even though the converse is claimed:

CLAIM ([dHR95]): Let $\phi$ be a $Gr(K_{\mathcal{R}})$-formula in NNF. $\phi$ is satisfiable iff $\{x \models \phi\}$ can be transformed into a clash-free complete c.s. using the rules from Figure 1.

Unfortunately, the if-direction of this claim is not true, which we will prove by a simple counterexample. Consider the formula

$\phi = \langle R \rangle_2 p_1 \wedge [R]_1 p_2 \wedge [R]_1 \neg p_2$.

On the one hand, $\phi$ is not satisfiable. Assume $\mathfrak{M}, x \models \langle R \rangle_2 p_1$. This implies the existence of at least three $R$-successors $y_1, y_2, y_3$ of $x$. For each of the $y_i$ either $\mathfrak{M}, y_i \models p_2$ or $\mathfrak{M}, y_i \not\models p_2$ holds by the definition of $\models$. Without loss of generality, there are two worlds $y_{i_1}, y_{i_2}$ such that $\mathfrak{M}, y_{i_j} \models p_2$, which implies $\mathfrak{M}, x \not\models [R]_1 \neg p_2$ and hence $\mathfrak{M}, x \not\models \phi$.

On the other hand, the c.s. $S = \{x \models \phi\}$ can be turned into a complete and clash-free c.s. using the rules from Fig. 1, as is shown in Fig. 2. Clearly this invalidates the claim and its proof.

3.2 An alternative syntax 

At this stage the reader may have noticed the cumbersome semantics of the $[R]_n$ operator, which originates from the wish that the duality $\Box\phi \equiv \neg\Diamond\neg\phi$ of $K$ carries over to $[R]_n \phi \equiv \neg\langle R \rangle_n \neg\phi$ in $Gr(K_{\mathcal{R}})$. This makes the semantics of $[R]_n$ and $\langle R \rangle_n$ un-intuitive. Not only does the $n$ in a diamond operator mean "more than $n$" while it means "less or equal than $n$" for a box operator. The semantics also introduce a "hidden" negation.

$\{x \models \phi\} \to_\wedge \cdots \to_\wedge \{x \models \phi, x \models \langle R \rangle_2 p_1, x \models [R]_1 p_2, x \models [R]_1 \neg p_2\} =: S_1$

$\to_> \cdots \to_> S_1 \cup \{Rxy_i, y_i \models p_1 \mid i = 1, 2, 3\} =: S_2$

$S_2$ is clash-free and complete, because $\sharp R^{S_2}(x, p_1) = 3$ and $\sharp R^{S_2}(x, p_2) = 0$.

Figure 2: A run of the incorrect algorithm.



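To overcome these problems, we will replace these modal operators by a syntax inspired by the counting quantifiers in predicate logic: the operators $\langle R \rangle_{\leq n}$ and $\langle R \rangle_{\geq n}$ with semantics defined by:

$\mathfrak{M}, x \models \langle R \rangle_{\leq n} \phi$ iff $\sharp R^{\mathfrak{M}}(x, \phi) \leq n$,
$\mathfrak{M}, x \models \langle R \rangle_{\geq n} \phi$ iff $\sharp R^{\mathfrak{M}}(x, \phi) \geq n$.

This modification does not change the expressivity of the language, since $\mathfrak{M}, x \models \langle R \rangle_n \phi$ iff $\mathfrak{M}, x \models \langle R \rangle_{\geq n+1} \phi$ and $\mathfrak{M}, x \models [R]_n \phi$ iff $\mathfrak{M}, x \models \langle R \rangle_{\leq n} \neg\phi$. We use the following equivalences to transform formulae in the new syntax into NNF:

$\neg\langle R \rangle_{\geq 0} \phi \equiv p \wedge \neg p$

$\neg\langle R \rangle_{\geq n} \phi \equiv \langle R \rangle_{\leq n-1} \phi$ if $n \geq 1$

$\neg\langle R \rangle_{\leq n} \phi \equiv \langle R \rangle_{\geq n+1} \phi$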

3.3 A correct but inefficient solution 

To understand the mistake of the incorrect algorithm, it is useful to know how soundness 
is usually established for the kind of algorithms we consider. The underlying idea is that a 
complete and clash-free c.s. induces a model for the formula tested for satisfiability: 

Definition 3.2 (Canonical Structure) 

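Let $S$ be a c.s. The canonical structure $\mathfrak{M}_S = (W^{\mathfrak{M}_S}, \{R^{\mathfrak{M}_S} \mid R \in \mathcal{R}\}, V^{\mathfrak{M}_S})$ induced by $S$ is defined as follows:

$W^{\mathfrak{M}_S} = \{x \in \mathcal{V} \mid x \text{ occurs in } S\}$,
$R^{\mathfrak{M}_S} = \{(x, y) \in \mathcal{V}^2 \mid Rxy \in S\}$,
$V^{\mathfrak{M}_S}(p) = \{x \in \mathcal{V} \mid x \models p \in S\}$.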

Using this definition, it is then easy to prove that the canonical structure induced by a 
complete and clash-free c.s. is a model for the tested formula. 

The mistake of the incorrect algorithm is due to the fact that it did not take into account 
that, in the canonical model induced by a complete and clash-free c.s., there are formulae 
satisfied by the worlds even though these formulae do not appear as constraints in the c.s. 
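
The point of this paragraph, as an added example that is not part of the paper: the Python below builds the canonical structure (Definition 3.2) of the c.s. $S_2$ from Figure 2 and evaluates every constraint with the semantics of Definition 2.1. The tuple encoding of formulae and constraints and all function names are assumptions of this example.

```python
# Added illustration, not code from the paper. Assumed encodings:
#   formulae:    ("atom", p), ("not", f), ("and", f, g), ("or", f, g),
#                ("dia", R, n, f) for <R>_n f, ("box", R, n, f) for [R]_n f
#   constraints: ("sat", x, f) for x |= f, ("rel", R, x, y) for Rxy

def count(struct, rel, x, f):
    """#R^M(x, f): number of R-successors of x that satisfy f."""
    _, rels, _ = struct
    return sum(1 for (a, y) in rels.get(rel, set())
               if a == x and holds(struct, y, f))

def holds(struct, x, f):
    """The model relation M, x |= f of Definition 2.1."""
    _, _, val = struct
    tag = f[0]
    if tag == "atom":
        return x in val.get(f[1], set())
    if tag == "not":
        return not holds(struct, x, f[1])
    if tag == "and":
        return holds(struct, x, f[1]) and holds(struct, x, f[2])
    if tag == "or":
        return holds(struct, x, f[1]) or holds(struct, x, f[2])
    _, rel, n, g = f
    if tag == "dia":                       # more than n successors satisfy g
        return count(struct, rel, x, g) > n
    if tag == "box":                       # at most n successors falsify g
        return count(struct, rel, x, ("not", g)) <= n
    raise ValueError(f"unknown formula {f!r}")

def canonical_structure(cs):
    """Definition 3.2: worlds, relations and valuation read off the c.s."""
    worlds, rels, val = set(), {}, {}
    for c in cs:
        if c[0] == "rel":
            _, rel, x, y = c
            worlds |= {x, y}
            rels.setdefault(rel, set()).add((x, y))
        else:
            _, x, f = c
            worlds.add(x)
            if f[0] == "atom":             # only positive atoms enter V
                val.setdefault(f[1], set()).add(x)
    return worlds, rels, val

def unmet_constraints(cs):
    """Constraints x |= f in cs that are false in the canonical structure."""
    struct = canonical_structure(cs)
    return [c for c in cs
            if c[0] == "sat" and not holds(struct, c[1], c[2])]

P1, P2 = ("atom", "p1"), ("atom", "p2")
DIA = ("dia", "R", 2, P1)                  # <R>_2 p1
BOX_POS = ("box", "R", 1, P2)              # [R]_1 p2
BOX_NEG = ("box", "R", 1, ("not", P2))     # [R]_1 not p2
PHI = ("and", DIA, ("and", BOX_POS, BOX_NEG))

def figure2_s2():
    """The complete, clash-free c.s. S2 of Figure 2."""
    cs = {("sat", "x", PHI), ("sat", "x", DIA),
          ("sat", "x", BOX_POS), ("sat", "x", BOX_NEG)}
    for i in (1, 2, 3):
        cs |= {("rel", "R", "x", f"y{i}"), ("sat", f"y{i}", P1)}
    return cs

if __name__ == "__main__":
    for c in unmet_constraints(figure2_s2()):
        print("not satisfied in the canonical structure:", c)
```

All three successors satisfy $\neg p_2$ in the canonical structure although no constraint says so, which is why $x \models [R]_1 p_2$ and hence $x \models \phi$ fail there.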



Already in [HB91], an algorithm very similar to the incorrect one is presented which decides the satisfiability of $\mathcal{ALCQ}$, a notational variant of $Gr(K_{\mathcal{R}})$.

$\to_\wedge$-, $\to_\vee$-rule: see Fig. 1

$\to_{choose}$-rule: if 1. $x \models \langle R \rangle_{\bowtie n} \phi, Rxy \in S$ and

          then $S \to_{choose} S \cup \{y \models \chi\}$ where $\chi \in \{\phi, {\sim}\phi\}$

$\to_\geq$-rule: if 1. $x \models \langle R \rangle_{\geq n} \phi \in S$ and
             2. $\sharp R^S(x, \phi) < n$
          then $S \to_\geq S \cup \{Rxy, y \models \phi\}$ where $y$ is a new variable.

$\to_\leq$-rule: if 1. $x \models \langle R \rangle_{\leq n} \phi$, $\sharp R^S(x, \phi) > n$ and
             2. $y \neq z$, $Rxy, Rxz, y \models \phi, z \models \phi \in S$ and
             3. the replacement of $y$ by $z$ is safe in $S$
          then $S \to_\leq [y/z]S$

Figure 3: The standard completion rules



The algorithm essentially uses the same definitions and rules. The only differences are the introduction of the $\to_{choose}$-rule and an adaption of the $\to_\geq$-rule to the alternative syntax. The $\to_{choose}$-rule makes sure that all "relevant" formulae that are implicitly satisfied by a variable are made explicit in the c.s. Here, relevant formulae for a variable $y$ are those occurring in modal formulae in constraints for variables $x$ such that $Rxy$ appears in the c.s. The complete rule set for the modified syntax of $Gr(K_{\mathcal{R}})$ is given in Fig. 3. The definition of clash has to be modified as well: A c.s. $S$ contains a clash iff

• $\{x \models p, x \models \neg p\} \subseteq S$ for some variable $x$ and a propositional atom $p$, or

• $x \models \langle R \rangle_{\leq n} \phi \in S$ and $\sharp R^S(x, \phi) > n$ for some variable $x$, relation $R$, formula $\phi$, and $n \in \mathbb{N}$.

Furthermore, the notion of safe replacement has to be adapted to the new syntax: the replacement of $y$ by $z$ in $S$ is called safe iff, for every variable $x$, formula $\phi$, and relation symbol $R$ with $\{x \models \langle R \rangle_{\geq n} \phi, Rxy, Rxz\} \subseteq S$ we have $\sharp R^{[z/y]S}(x, \phi) \geq n$.

The algorithm, which works like the incorrect algorithm but uses the expansion rules from Fig. 3 — where $\bowtie$ is used as a placeholder for either $\leq$ or $\geq$ — and the definition of clash from above will be called the standard algorithm; it is a decision procedure for SAT($Gr(K_{\mathcal{R}})$):



Theorem 3.3 ([HB91])

Let $\phi$ be a $Gr(K_{\mathcal{R}})$-formula in NNF. $\phi$ is satisfiable iff $\{x_0 \models \phi\}$ can be transformed into a clash-free complete c.s. using the rules in Figure 3. Moreover, each sequence of these rule-applications is finite.

While no complexity result is explicitly given in [HB91], it is easy to see that a PSPACE result could be derived from the algorithm using the trace technique, employed in [SSS91] to show that satisfiability of $\mathcal{ALC}$, the notational variant for $K_{\mathcal{R}}$, is decidable in PSPACE.

Unfortunately this is only true if we assume the numbers in the input to be unary coded. The reason for this lies in the $\to_\geq$-rule, which generates $n$ successors for a formula of the form $\langle R \rangle_{\geq n} \phi$. If $n$ is unary coded, these successors consume at least polynomial space in the size of the input formula. If we assume binary (or $k$-ary with $k > 1$) encoding, the space consumption is exponential in the size of the input because a number $n$ can be represented in $\log_k n$ bits in $k$-ary coding. This blow-up can not be avoided because the completeness of the standard algorithm relies on the generation and identification of these successors, which makes it necessary to keep them in memory at one time.



4 An optimal solution 

In the following, we will present the algorithm which will be used to prove the following theorem; it contradicts the EXPTIME-hardness conjecture in [dHR95].

Theorem 4.1

Satisfiability for $Gr(K_{\mathcal{R}})$ is PSPACE-complete if numbers in the input are represented using binary coding.

When aiming for a PSPACE algorithm, it is impossible to generate all successors of a variable in a c.s. at a given stage because this may consume space that is exponential in the size of the input concept. We will give an optimised rule set for $Gr(K_{\mathcal{R}})$-satisfiability that does not rely on the identification of successors. Instead we will make stronger use of non-determinism to guess the assignment of the relevant formulae to the successors by the time of their generation. This will make it possible to generate the c.s. in a depth first manner, which will facilitate the re-use of space.

The new set of rules is shown in Fig. 4. The algorithm that uses these rules is called the optimised algorithm. The definition of clash is taken from the standard algorithm. We do not need a $\to_\leq$-rule.

At first glance, the $\to_\geq$-rule may appear to be complicated and therefore is explained in more detail: like the standard $\to_\geq$-rule, it is applicable to a c.s. that contains the constraint $x \models \langle R \rangle_{\geq n} \phi$ if there are less than $n$ $R$-successors $y$ of $x$ with $y \models \phi \in S$. The rule then adds a new successor $y$ to $S$. Unlike the standard algorithm, the optimised algorithm also adds additional constraints of the form $y \models ({\sim})\psi$ to $S$ for each formula $\psi$ appearing in a constraint of the form $x \models \langle R \rangle_{\bowtie n} \psi$. Since we have suspended the application of the $\to_\geq$-rule until no other rule applies to $x$, by this time $S$ contains all constraints of the form $x \models \langle R \rangle_{\bowtie n} \psi$ it will ever contain. This combines the effects of both the $\to_{choose}$- and the $\to_\leq$-rule of the standard algorithm.



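$\to_\wedge$-, $\to_\vee$-rule: see Fig. 1

$\to_\geq$-rule: if 1. $x \models \langle R \rangle_{\geq n} \phi \in S$, and
             2. $\sharp R^S(x, \phi) < n$, and
             3. neither the $\to_\wedge$- nor the $\to_\vee$-rule apply to a constraint for $x$
          then $S \to_\geq S \cup \{Rxy, y \models \phi, y \models \chi_1, \ldots, y \models \chi_k\}$ where
             $\{\psi_1, \ldots, \psi_k\} = \{\psi \mid x \models \langle R \rangle_{\bowtie n} \psi \in S\}$, $\chi_i \in \{\psi_i, {\sim}\psi_i\}$, and
             $y$ is a fresh variable.

Figure 4: The optimised completion rules.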
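
The optimised rules of Fig. 4 as an added Python example (not code from the paper), run on the counterexample of Section 3.1. The non-deterministic guesses are replaced by deterministic backtracking, so the code illustrates the rules and the use of counters in place of stored successors, not the PSPACE bound; the tuple encoding and all function names are assumptions of this example.

```python
# Added example, not from the paper. Assumed encoding of NNF formulae in the
# Section 3.2 syntax: ("atom", p), ("natom", p) for a negated atom,
# ("and", f, g), ("or", f, g), ("ge", R, n, f) for <R>_{>=n} f and
# ("le", R, n, f) for <R>_{<=n} f.
from itertools import product

FALSE = ("and", ("atom", "p"), ("natom", "p"))  # p AND NOT p

def neg(f):
    """NNF of the negation of f, using the equivalences of Section 3.2."""
    tag = f[0]
    if tag == "atom":
        return ("natom", f[1])
    if tag == "natom":
        return ("atom", f[1])
    if tag == "and":
        return ("or", neg(f[1]), neg(f[2]))
    if tag == "or":
        return ("and", neg(f[1]), neg(f[2]))
    _, rel, n, g = f
    if tag == "ge":
        return FALSE if n == 0 else ("le", rel, n - 1, g)
    return ("ge", rel, n + 1, g)  # tag == "le"

def dia(rel, n, g):
    """<R>_n g of Definition 2.1 (more than n successors satisfy g)."""
    return ("ge", rel, n + 1, g)

def box(rel, n, g):
    """[R]_n g of Definition 2.1 (at most n successors satisfy ~g)."""
    return ("le", rel, n, neg(g))

def saturations(label):
    """Yield every clash-free closure of a node label under the and/or rules."""
    label = frozenset(label)
    for f in label:
        if f[0] == "and" and not {f[1], f[2]} <= label:
            yield from saturations(label | {f[1], f[2]})
            return
    for f in label:
        if f[0] == "or" and f[1] not in label and f[2] not in label:
            yield from saturations(label | {f[1]})
            yield from saturations(label | {f[2]})
            return
    if not any(f[0] == "atom" and ("natom", f[1]) in label for f in label):
        yield label

def satisfiable(label):
    """Search for a complete, clash-free c.s. starting from {x |= f : f in label}."""
    return any(successors_ok(closed) for closed in saturations(label))

def successors_ok(label):
    """Handle the modal constraints of one saturated node, relation by relation."""
    modal = [f for f in label if f[0] in ("ge", "le")]
    for rel in {f[1] for f in modal}:
        cons = [f for f in modal if f[1] == rel]
        psis = sorted({f[3] for f in cons}, key=repr)
        if not expand(cons, psis, dict.fromkeys(psis, 0)):
            return False
    return True

def expand(cons, psis, counts):
    """Apply the >=-rule of Fig. 4; counts[psi] plays the role of #R^S(x, psi)."""
    if any(f[0] == "le" and counts[f[3]] > f[2] for f in cons):
        return False  # clash: more than n successors for <R>_{<=n} psi
    todo = [f for f in cons if f[0] == "ge" and counts[f[3]] < f[2]]
    if not todo:
        return True  # the >=-rule is no longer applicable
    phi = todo[0][3]
    others = [p for p in psis if p != phi]
    # Guess chi_i in {psi_i, ~psi_i} for every relevant formula of the new successor.
    for choice in product(*[(p, neg(p)) for p in others]):
        succ = {phi, *choice}
        bumped = {p: c + (p in succ) for p, c in counts.items()}
        # The successor label is checked and then discarded; only counters go on.
        if satisfiable(succ) and expand(cons, psis, bumped):
            return True
    return False

P1, P2 = ("atom", "p1"), ("atom", "p2")
# The counterexample of Section 3.1: <R>_2 p1 AND [R]_1 p2 AND [R]_1 NOT p2.
COUNTEREXAMPLE = ("and", dia("R", 2, P1),
                  ("and", box("R", 1, P2), box("R", 1, neg(P2))))

if __name__ == "__main__":
    print("counterexample satisfiable:", satisfiable({COUNTEREXAMPLE}))
```

Because every successor receives either $p_2$ or $\neg p_2$ at creation time, the third $p_1$-successor necessarily pushes one of the two $\leq 1$ counters over its bound, and the search reports unsatisfiability where the rules of Fig. 1 stop with a clash-free c.s.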
4.1 Correctness of the optimised algorithm

To establish the correctness of the optimised algorithm, we will show its termination, soundness, and completeness.

To analyse the memory usage of the algorithm it is very helpful to view a c.s. as a graph: A c.s. $S$ induces a labeled graph $G(S) = (N, E, \mathcal{L})$ with

• The set of nodes $N$ is the set of variables appearing in $S$.

• The edges $E$ are defined by $E := \{xy \mid Rxy \in S \text{ for some } R \in \mathcal{R}\}$.

• $\mathcal{L}$ labels nodes and edges in the following way:

  - For a node $x \in N$: $\mathcal{L}(x) := \{\phi \mid x \models \phi \in S\}$.

  - For an edge $xy \in E$: $\mathcal{L}(xy) := \{R \mid Rxy \in S\}$.

It is easy to show that the graph $G(S)$ for a c.s. $S$ generated by the optimised algorithm from an initial c.s. $\{x_0 \models \phi\}$ is a tree with root $x_0$, and for each edge $xy \in E$, the label $\mathcal{L}(xy)$ is a singleton. Moreover, for each $x \in N$ it holds that $\mathcal{L}(x) \subseteq clos(\phi)$ where $clos(\phi)$ is the smallest set of formulae satisfying

• $\phi \in clos(\phi)$,

• if $\psi_1 \vee \psi_2$ or $\psi_1 \wedge \psi_2 \in clos(\phi)$, then also $\psi_1, \psi_2 \in clos(\phi)$,

• if $\langle R \rangle_{\bowtie n} \psi \in clos(\phi)$, then also $\psi \in clos(\phi)$,

• if $\psi \in clos(\phi)$, then also ${\sim}\psi \in clos(\phi)$.

We will use the fact that the number of elements of $clos(\phi)$ is bounded by $2 \times |\phi|$ where $|\phi|$ denotes the length of $\phi$. This is easily shown by proving

$clos(\phi) = sub(\phi) \cup \{{\sim}\psi \mid \psi \in sub(\phi)\}$

where $sub(\phi)$ denotes the set of all sub-formulae of $\phi$. The size of $sub(\phi)$ is obviously bounded by $|\phi|$.

4.1.1 Termination 

First, we will show that the optimised algorithm always terminates, i.e., each sequence of rule applications starting from a c.s. of the form $\{x_0 \models \phi\}$ is finite. The next lemma will also be of use when we will consider the complexity of the algorithm.

Lemma 4.2

Let $\phi$ be a formula in NNF and $S$ a c.s. that is generated by the optimised algorithm starting from $\{x_0 \models \phi\}$.

• The length of a path in $G(S)$ is limited by $|\phi|$.

• The out-degree of $G(S)$ is bounded by $|clos(\phi)| \times 2^{|\phi|}$.

PROOF. For a variable $x \in N$, we define $\ell(x)$ as the maximum depth of nested modal operators in $\mathcal{L}(x)$. Obviously, $\ell(x_0) \leq |\phi|$ holds. Also, if $xy \in E$ then $\ell(x) > \ell(y)$. Hence each path $x_1, \ldots, x_k$ in $G(S)$ induces a sequence $\ell(x_1) > \cdots > \ell(x_k)$ of natural numbers. $G(S)$ is a tree with root $x_0$, hence the longest path in $G(S)$ starts with $x_0$ and its length is bounded by $|\phi|$.

Successors in $G(S)$ are only generated by the $\to_\geq$-rule. For a variable $x$ this rule will generate at most $n$ successors for each $\langle R \rangle_{\geq n} \psi \in \mathcal{L}(x)$. There are at most $|clos(\phi)|$ such formulae in $\mathcal{L}(x)$. Hence the out-degree of $x$ is bounded by $|clos(\phi)| \times 2^{|\phi|}$, where $2^{|\phi|}$ is a limit for the biggest number that may appear in $\phi$ if binary coding is used. ■



Corollary 4.3 (Termination)

Any sequence of rule applications starting from a c.s. $S = \{x_0 \models \phi\}$ of the optimised algorithm is finite.

PROOF. The sequence of rules induces a sequence of trees. The depth and the out-degree of these trees is bounded in $|\phi|$ by Lemma 4.2. For each variable $x$ the label $\mathcal{L}(x)$ is a subset of the finite set $clos(\phi)$. Each application of a rule either

• adds a constraint of the form $x \models \psi$ and hence adds an element to $\mathcal{L}(x)$, or

• adds fresh variables to $S$ and hence adds additional nodes to the tree $G(S)$.

Since constraints are never deleted and variables are never identified, an infinite sequence of rule application must either lead to an arbitrary large number of nodes in the trees which contradicts their boundedness, or it leads to an infinite label of one of the nodes $x$ which contradicts $\mathcal{L}(x) \subseteq clos(\phi)$. ■



4.1.2 Soundness and Completeness 

The following definition will be very helpful to establish soundness and completeness of the 
optimised algorithm: 

Definition 4.4 

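A c.s. $S$ is called satisfiable iff there exists a Kripke structure $\mathfrak{M} = (W^{\mathfrak{M}}, \{R^{\mathfrak{M}} \mid R \in \mathcal{R}\}, V^{\mathfrak{M}})$ and a mapping $\alpha : \mathcal{V} \to W^{\mathfrak{M}}$ such that the following properties hold:

1. If $y, z$ are distinct variables such that $Rxy, Rxz \in S$, then $\alpha(y) \neq \alpha(z)$.

2. If $x \models \psi \in S$ then $\mathfrak{M}, \alpha(x) \models \psi$.

3. If $Rxy \in S$ then $(\alpha(x), \alpha(y)) \in R^{\mathfrak{M}}$.

In this case, $\mathfrak{M}, \alpha$ is called a model of $S$.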

It easily follows from this definition that a c.s. $S$ that contains a clash can not be satisfiable and that the c.s. $\{x \models \phi\}$ is satisfiable if and only if $\phi$ is satisfiable.

Lemma 4.5 (Local Correctness)

Let $S, S'$ be c.s. generated by the optimised algorithm from a c.s. of the form $\{x_0 \models \phi\}$.

1. If $S'$ is obtained from $S$ by application of the (deterministic) $\to_\wedge$-rule, then $S$ is satisfiable if and only if $S'$ is satisfiable.

2. If $S'$ is obtained from $S$ by application of the (non-deterministic) $\to_\vee$- or $\to_\geq$-rule, then $S$ is satisfiable if $S'$ is satisfiable. Moreover, if $S$ is satisfiable, then the rule can always be applied in such a way that it yields a c.s. $S'$ that is satisfiable.

PROOF. $S \to S'$ for any rule $\to$ implies $S \subseteq S'$, hence each model of $S'$ is also a model of $S$. Consequently, we must show only the other direction.

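1. Let $\mathfrak{M}, \alpha$ be a model of $S$ and let $x \models \psi_1 \wedge \psi_2$ be the constraint that triggers the application of the $\to_\wedge$-rule. The constraint $x \models \psi_1 \wedge \psi_2 \in S$ implies $\mathfrak{M}, \alpha(x) \models \psi_1 \wedge \psi_2$. This implies $\mathfrak{M}, \alpha(x) \models \psi_i$ for $i = 1, 2$. Hence $\mathfrak{M}, \alpha$ is also a model of $S' = S \cup \{x \models \psi_1, x \models \psi_2\}$.

2. Firstly, we consider the $\to_\vee$-rule. Let $\mathfrak{M}, \alpha$ be a model of $S$ and let $x \models \psi_1 \vee \psi_2$ be the constraint that triggers the application of the $\to_\vee$-rule. $x \models \psi_1 \vee \psi_2 \in S$ implies $\mathfrak{M}, \alpha(x) \models \psi_1 \vee \psi_2$. This implies $\mathfrak{M}, \alpha(x) \models \psi_1$ or $\mathfrak{M}, \alpha(x) \models \psi_2$. Without loss of generality we may assume $\mathfrak{M}, \alpha(x) \models \psi_1$. The $\to_\vee$-rule may choose $\chi = \psi_1$, which implies $S' = S \cup \{x \models \psi_1\}$ and hence $\mathfrak{M}, \alpha$ is a model for $S'$.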

Secondly, we consider the $\to_\geq$-rule. Again let $\mathfrak{M}, \alpha$ be a model of $S$ and let $x \models \langle R \rangle_{\geq n} \phi$ be the constraint that triggers the application of the $\to_\geq$-rule. Since the $\to_\geq$-rule is applicable, we have $\sharp R^S(x, \phi) < n$. We claim that there is a $w \in W^{\mathfrak{M}}$ with

$(\alpha(x), w) \in R^{\mathfrak{M}}$, $\mathfrak{M}, w \models \phi$, and $w \notin \{\alpha(y) \mid Rxy \in S\}$. (*)

Before we prove this claim, we show how it can be used to finish the proof. The world $w$ is used to "select" a choice of the $\to_\geq$-rule that preserves satisfiability: Let $\{\psi_1, \ldots, \psi_k\}$ be an enumeration of the set $\{\psi \mid x \models \langle R \rangle_{\bowtie n} \psi \in S\}$. We set

$S' = S \cup \{Rxy, y \models \phi\} \cup \{y \models \psi_i \mid \mathfrak{M}, w \models \psi_i\} \cup \{y \models {\sim}\psi_i \mid \mathfrak{M}, w \not\models \psi_i\}$.

Obviously, $\mathfrak{M}, \alpha[y \mapsto w]$ is a model for $S'$ (since $y$ is a fresh variable and $w$ satisfies (*)), and $S'$ is a possible result of the application of the $\to_\geq$-rule to $S$.

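We will now come back to the claim. It is obvious that there is a $w$ with $(\alpha(x), w) \in R^{\mathfrak{M}}$ and $\mathfrak{M}, w \models \phi$ that is not contained in $\{\alpha(y) \mid Rxy, y \models \phi \in S\}$, because $\sharp R^{\mathfrak{M}}(\alpha(x), \phi) \geq n > \sharp R^S(x, \phi)$. Yet $w$ might appear as the image of an element $y'$ such that $Rxy' \in S$ but $y' \models \phi \notin S$.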

Now, $Rxy' \in S$ and $y' \models \phi \notin S$ implies $y' \models {\sim}\phi \in S$. This is due to the fact that the constraint $Rxy'$ must have been generated by an application of the $\to_\geq$-rule because it has not been an element of the initial c.s. The application of this rule was suspended until neither the $\to_\wedge$- nor the $\to_\vee$-rule are applicable to $x$. Hence, if $x \models \langle R \rangle_{\geq n} \phi$ is an element of $S$ now, then it has already been in $S$ when the $\to_\geq$-rule that generated $y'$ was applied. The $\to_\geq$-rule guarantees that either $y' \models \phi$ or $y' \models {\sim}\phi$ is added to $S$. Hence $y' \models {\sim}\phi \in S$. This is a contradiction to $\alpha(y') = w$ because under the assumption that $\mathfrak{M}, \alpha$ is a model of $S$ this would imply $\mathfrak{M}, w \not\models \phi$ while we initially assumed $\mathfrak{M}, w \models \phi$. ■

From the local completeness of the algorithm we can immediately derive the global completeness of the algorithm:

Lemma 4.6 (Completeness)

If $\phi \in$ SAT($Gr(K_{\mathcal{R}})$) in NNF, then there is a sequence of applications of the optimised rules starting with $S = \{x_0 \models \phi\}$ that results in a complete and clash-free c.s.



PROOF. The satisfiability of $\phi$ implies that also $\{x_0 \models \phi\}$ is satisfiable. By Lemma 4.5 there is a sequence of applications of the optimised rules which preserves the satisfiability of the c.s. By Lemma 4.3 any sequence of applications must be finite. No generated c.s. (including the last one) may contain a clash because this would make it unsatisfiable. ■



Note that since we have made no assumption about the order in which the rules are applied (with the exception that is stated in the conditions of the $\to_\geq$-rule), the selection of the constraints to apply a rule to as well as the selection which rule to apply is "don't-care" non-deterministic, i.e., if a formula is satisfiable, then this can be proved by an arbitrary sequence of rule applications. Without this property, the resulting algorithm certainly would be useless for practical applications, because any deterministic implementation would have to use backtracking for the selection of constraints and rules.

Lemma 4.7 (Soundness) 

Let $\phi$ be a $Gr(K_{\mathcal{R}})$-formula in NNF. If there is a sequence of applications of the optimised rules starting with the c.s. $\{x_0 \models \phi\}$ that results in a complete and clash-free c.s., then $\phi \in$ SAT($Gr(K_{\mathcal{R}})$).

PROOF. Let $S$ be a complete and clash-free c.s. generated by applications of the optimised rules. We will show that the canonical model $\mathfrak{M}_S$ together with the identity function is a model for $S$. Since $S$ was generated from $\{x_0 \models \phi\}$ and the rules do not remove constraints from the c.s., $x_0 \models \phi \in S$. Thus $\mathfrak{M}_S$ is also a model for $\phi$ with $\mathfrak{M}_S, x_0 \models \phi$.



By construction of $\mathfrak{M}_S$, Property 1 and 3 of Definition 4.4 are trivially satisfied. It remains to show that $x \models \psi \in S$ implies $\mathfrak{M}_S, x \models \psi$, which we will show by induction on the norm $\|\cdot\|$ of a formula $\psi$. The norm $\|\psi\|$ for formulae in NNF is inductively defined by:



\\P\\ 

Hi A^all 

IK-RWII 



\hp\\ 



for $p \in \mathcal{P}$

$1 + \|\psi\|$

This definition is chosen such that it satisfies $\|\psi\| = \|{\sim}\psi\|$ for every formula $\psi$.



• The first base case is $\psi = p$ for $p \in \mathcal{P}$. $x \models p \in S$ implies $x \in V^{\mathfrak{M}_S}(p)$ and hence $\mathfrak{M}_S, x \models p$. The second base case is $x \models \neg p \in S$. Since $S$ is clash-free, this implies $x \models p \notin S$ and hence $x \notin V^{\mathfrak{M}_S}(p)$. This implies $\mathfrak{M}_S, x \models \neg p$.

• $x \models \psi_1 \wedge \psi_2 \in S$ implies $x \models \psi_1, x \models \psi_2 \in S$. By induction, we have $\mathfrak{M}_S, x \models \psi_1$ and $\mathfrak{M}_S, x \models \psi_2$ holds and hence $\mathfrak{M}_S, x \models \psi_1 \wedge \psi_2$. The case $x \models \psi_1 \vee \psi_2 \in S$ can be handled analogously.

• $x \models \langle R \rangle_{\geq n} \psi \in S$ implies $\sharp R^S(x, \psi) \geq n$ because otherwise the $\to_\geq$-rule would be applicable and $S$ would not be complete. By induction, we have $\mathfrak{M}_S, y \models \psi$ for each $y$ with $y \models \psi \in S$. Hence $\sharp R^{\mathfrak{M}_S}(x, \psi) \geq n$ and thus $\mathfrak{M}_S, x \models \langle R \rangle_{\geq n} \psi$.

• $x \models \langle R \rangle_{\leq n} \psi \in S$ implies $\sharp R^S(x, \psi) \leq n$ because $S$ is clash-free. Hence it is sufficient to show that $\sharp R^{\mathfrak{M}_S}(x, \psi) \leq \sharp R^S(x, \psi)$ holds. On the contrary, assume $\sharp R^{\mathfrak{M}_S}(x, \psi) > \sharp R^S(x, \psi)$ holds. Then there is a variable $y$ such that $Rxy \in S$ and $\mathfrak{M}_S, y \models \psi$ while $y \models \psi \notin S$. For each variable $y$ with $Rxy \in S$ either $y \models \psi \in S$ or $y \models {\sim}\psi \in S$. This implies $y \models {\sim}\psi \in S$ and, by the induction hypothesis, $\mathfrak{M}_S, y \models {\sim}\psi$ holds which is a contradiction. ■



The following theorem is an immediate consequence of Lemma 4.3, 4.6 and 4.7:



Corollary 4.8 

The optimised algorithm is a non-deterministic decision procedure for $\mathrm{SAT}(\mathrm{Gr}(K_{\mathcal{R}}))$.



4.2 Complexity of the optimised algorithm 



The optimised algorithm will enable us to prove Theorem 4.1. We will give a proof by sketching an implementation of this algorithm that runs in polynomial space.

Lemma 4.9

The optimised algorithm can be implemented in PSPACE.



Proof. Let $\phi$ be the $\mathrm{Gr}(K_{\mathcal{R}})$-formula to be tested for satisfiability. We can assume $\phi$ to be in NNF because the transformation of a formula to NNF can be performed in linear time and space.

The key idea for the PSPACE implementation is the trace technique [SSS91], i.e., it is sufficient to keep only a single path (a trace) of $G(S)$ in memory at a given stage if the c.s. is generated in a depth-first manner. This has already been the key to a PSPACE upper bound for $K_{\mathcal{R}}$ and $\mathcal{ALC}$ in [Lad77, SSS91, HM92]. To do this we need to store the values for $\sharp R^S(x, \psi)$ for each variable $x$ in the path, each $R$ which appears in $\mathit{clos}(\phi)$ and each $\psi \in \mathit{clos}(\phi)$. By storing these values in binary form, we are able to keep information about exponentially many successors in memory while storing only a single path at a given stage.

Consider the algorithm in Fig. 5, where $\mathcal{R}_\phi$ denotes the set of relation names that appear in $\mathit{clos}(\phi)$. It re-uses the space needed to check the satisfiability of a successor $y$ of $x$ once the existence of a complete and clash-free "subtree" for the constraints on $y$ has been established. This is admissible since the optimised rules will never modify this subtree once it is completed. Neither do constraints in this subtree have an influence on the completeness or the existence of a clash in the rest of the tree, with the exception that constraints of the form $y \models \psi$ for $R$-successors $y$ of $x$ contribute to the value of $\sharp R^S(x, \psi)$. These numbers play a role both in the definition of a clash and for the applicability of the $\rightarrow_{\geq}$-rule. Hence, in order to re-use the space occupied by the subtree for $y$, it is necessary and sufficient to store these numbers.

$\mathrm{Gr}(K_{\mathcal{R}})$-SAT($\phi$) := sat($x_0$, $\{x_0 \models \phi\}$)
sat($x$, $S$):
    allocate counters $\sharp R^S(x, \psi) := 0$ for all $R \in \mathcal{R}_\phi$ and $\psi \in \mathit{clos}(\phi)$.
    while (the $\rightarrow_{\wedge}$- or the $\rightarrow_{\vee}$-rule can be applied) and ($S$ is clash-free) do
        apply the $\rightarrow_{\wedge}$- or the $\rightarrow_{\vee}$-rule to $S$.
    od
    if $S$ contains a clash then return "not satisfiable".
    while (the $\rightarrow_{\geq}$-rule applies to $x$ in $S$) do
        $S_{new} := \{Rxy, y \models \phi', y \models \chi_1, \dots, y \models \chi_k\}$
        where
            $y$ is a fresh variable,
            $x \models \langle R\rangle_{\geq n}\phi'$ triggers an application of the $\rightarrow_{\geq}$-rule,
            $\{\psi_1, \dots, \psi_k\} = \{\psi \mid x \models \langle R\rangle_{\bowtie n}\psi \in S\}$, and
            $\chi_i$ is chosen non-deterministically from $\{\psi_i, {\sim}\psi_i\}$
        for each $y \models \psi \in S_{new}$ do increment $\sharp R^S(x, \psi)$
        if $x \models \langle R\rangle_{\leq m}\psi \in S$ and $\sharp R^S(x, \psi) > m$ then return "not satisfiable".
        if sat($y$, $S_{new}$) = "not satisfiable" then return "not satisfiable"
    od
    remove the counters for $x$ from memory,
    return "satisfiable"

Figure 5: A non-deterministic PSpace decision procedure for $\mathrm{SAT}(\mathrm{Gr}(K_{\mathcal{R}}))$.

Let us examine the space usage of this algorithm. Let $n = |\phi|$. The algorithm is designed to keep only a single path of $G(S)$ in memory at a given stage. For each variable $x$ on a path, constraints of the form $x \models \psi$ have to be stored for formulae $\psi \in \mathit{clos}(\phi)$. The size of $\mathit{clos}(\phi)$ is bounded by $2n$ and hence the constraints for a single variable can be stored in $O(n)$ bits. For each variable, there are at most $|\mathcal{R}_\phi| \times |\mathit{clos}(\phi)| = O(n^2)$ counters to be stored. The numbers to be stored in these counters do not exceed the out-degree of $x$, which, by Lemma 4.2, is bounded by $|\mathit{clos}(\phi)|$ x2^l. Hence each counter can be stored using 0(r bits when binary coding is used to represent the counters, and all counters for a single variable require $O(n^4)$ bits. Due to Lemma 4.2 the length of a path is limited by $n$, which yields an overall memory consumption of $O(n^5 + n^2)$. ■



Theorem 4.1 now is a simple corollary from the PSPACE-hardness of $K_{\mathcal{R}}$, Lemma 4.9 and Savitch's Theorem [Sav70].
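The following Python code is an added example, not code from the paper: a deterministic backtracking simulation of the procedure in Fig. 5 that holds only the constraints of the current node and its counters $\sharp R^S(x, \psi)$ on the recursion stack and forgets a successor's subtree as soon as it has been checked. The tuple encoding of formulae, the function names and the restriction to $n \geq 1$ in $\langle R\rangle_{\geq n}$ are assumptions of the example; because it backtracks over the non-deterministic choices, it does not itself meet the polynomial space bound.

```python
from itertools import product

# NNF formulae as tuples (encoding constructed for this example):
#   ("p", a) / ("np", a)         proposition letter a / its negation
#   ("and", f, g) / ("or", f, g)
#   ("ge", R, n, f)              <R>_{>=n} f, with n >= 1 (assumption)
#   ("le", R, n, f)              <R>_{<=n} f, with n >= 0

def neg(f):
    """Return ~f, the negation normal form of "not f"."""
    tag = f[0]
    if tag == "p":
        return ("np", f[1])
    if tag == "np":
        return ("p", f[1])
    if tag == "and":
        return ("or", neg(f[1]), neg(f[2]))
    if tag == "or":
        return ("and", neg(f[1]), neg(f[2]))
    if tag == "ge":                       # ~<R>_{>=n} f  =  <R>_{<=n-1} f
        return ("le", f[1], f[2] - 1, f[3])
    return ("ge", f[1], f[2] + 1, f[3])   # ~<R>_{<=n} f  =  <R>_{>=n+1} f


def saturations(todo, done=frozenset()):
    """Yield each clash-free constraint set for one node that results from
    applying the and/or rules exhaustively (one set per or-choice)."""
    if not todo:
        yield done
        return
    f, rest = todo[0], todo[1:]
    if f in done:
        yield from saturations(rest, done)
    elif f[0] in ("p", "np") and neg(f) in done:
        return                            # clash {x |= p, x |= not p}
    elif f[0] == "and":
        yield from saturations((f[1], f[2]) + rest, done | {f})
    elif f[0] == "or":
        for disjunct in (f[1], f[2]):     # non-deterministic choice, tried in turn
            yield from saturations((disjunct,) + rest, done | {f})
    else:
        yield from saturations(rest, done | {f})


def sat(constraints):
    """sat(x, S) restricted to the constraints on x; True means "satisfiable"."""
    return any(successors(S, {}) for S in saturations(tuple(constraints)))


def successors(S, count):
    """The >=-rule loop of Fig. 5. count[(R, psi)] is the counter #R^S(x, psi);
    a successor's subtree is gone from memory once sat() returns for it."""
    trigger = next((f for f in S
                    if f[0] == "ge" and count.get((f[1], f[3]), 0) < f[2]), None)
    if trigger is None:
        return True                       # every >=-constraint on x is satisfied
    R, phi1 = trigger[1], trigger[3]
    # psi_1..psi_k: formulae under an R-modality at x (phi1 is added directly).
    psis = list({f[3] for f in S if f[0] in ("ge", "le") and f[1] == R} - {phi1})
    for chi in product(*[(psi, neg(psi)) for psi in psis]):
        s_new = {phi1, *chi}              # constraints on the fresh variable y
        new_count = dict(count)
        for f in s_new:
            new_count[(R, f)] = new_count.get((R, f), 0) + 1
        if any(f[0] == "le" and new_count.get((f[1], f[3]), 0) > f[2] for f in S):
            continue                      # clash: x |= <R>_{<=m} psi, counter > m
        if sat(s_new) and successors(S, new_count):
            return True
    return False
```
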



5 Extensions of the Language 

It is possible to extend the language $\mathrm{Gr}(K_{\mathcal{R}})$ without losing the PSPACE property of the satisfiability problem. In this section we extend the techniques to obtain a PSPACE algorithm for the logic $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$, which extends $\mathrm{Gr}(K_{\mathcal{R}})$ by intersection of accessibility relations and inverse relations. These extensions are mainly motivated from the world of Description Logics, where they are commonly studied. In this context, the logic $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$ can be perceived as a notational variant of the Description Logic $\mathcal{ALCQIR}$.

Definition 5.1 (Syntax and Semantics of $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$)

Let $\mathcal{P} = \{p_0, p_1, \dots\}$ be a set of proposition letters and let $\mathcal{R}$ be a set of relation names. The set $\overline{\mathcal{R}} := \mathcal{R} \cup \{R^{-1} \mid R \in \mathcal{R}\}$ is called the set of $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$-relations.
The set of $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$-formulae is the smallest set such that

1. every proposition letter is a $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$-formula and,

2. if $\phi, \psi_1, \psi_2$ are formulae, $n \in \mathbb{N}$, and $R_1, \dots, R_k$ are (possibly inverse) $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$-relations, then $\neg\phi$, $\psi_1 \wedge \psi_2$, $\psi_1 \vee \psi_2$, $\langle R_1 \cap \dots \cap R_k\rangle_{\leq n}\phi$, and $\langle R_1 \cap \dots \cap R_k\rangle_{\geq n}\phi$ are $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$-formulae.

The semantics are extended accordingly:

$\mathfrak{M}, x \models \langle R_1 \cap \dots \cap R_k\rangle_{\leq n}\phi$ iff $\sharp(R_1 \cap \dots \cap R_k)^{\mathfrak{M}}(x, \phi) \leq n$
$\mathfrak{M}, x \models \langle R_1 \cap \dots \cap R_k\rangle_{\geq n}\phi$ iff $\sharp(R_1 \cap \dots \cap R_k)^{\mathfrak{M}}(x, \phi) \geq n$

where

$\sharp(R_1 \cap \dots \cap R_k)^{\mathfrak{M}}(x, \phi) = |\{y \in W^{\mathfrak{M}} \mid (x, y) \in R_1^{\mathfrak{M}} \cap \dots \cap R_k^{\mathfrak{M}} \text{ and } \mathfrak{M}, y \models \phi\}|$,

and, for $R \in \mathcal{R}$, we define

$(R^{-1})^{\mathfrak{M}} := \{(y, x) \mid (x, y) \in R^{\mathfrak{M}}\}$.

We will use the letters $\omega, \sigma$ to range over intersections of $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$-relations. By abuse of notation we will sometimes identify an intersection of relations $\omega$ with the set of relations occurring in it and write $R \in \omega$ iff $\omega = R_1 \cap \dots \cap R_k$ and there is some $1 \leq i \leq k$ with $R = R_i$. To avoid dealing with relations of the form $(R^{-1})^{-1}$ we use the convention that $(R^{-1})^{-1} = R$ for any $R \in \mathcal{R}$.

Obviously every $\mathrm{Gr}(K_{\mathcal{R}})$ formula is also a $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$ formula. Using standard bisimulation arguments one can show that $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$ is strictly more expressive than $\mathrm{Gr}(K_{\mathcal{R}})$.

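5.1 Reasoning for $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$

We will use similar techniques as in the previous section to obtain a PSPACE-algorithm for $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$. The definition of a constraint system remains unchanged, but we additionally require that, for any $R \in \mathcal{R}$, a c.s. $S$ contains the constraint '$Rxy$' iff it contains the constraint '$R^{-1}yx$'. For a c.s. $S$, an intersection of $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$-relations $\omega = R_1 \cap \dots \cap R_k$, and a formula $\phi$, let $\sharp\omega^S(x, \phi)$ be the number of variables $y$ such that $\{R_1xy, \dots, R_kxy, y \models \phi\} \subseteq S$.

We modify the definition of clash to deal with intersection of relations as follows. A c.s. $S$ contains a clash iff

• $\{x \models p, x \models \neg p\} \subseteq S$ for some variable $x$ and a proposition letter $p$, or

• $x \models \langle\omega\rangle_{\leq n}\phi \in S$ and $\sharp\omega^S(x, \phi) > n$ for some variable $x$, intersection of $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$-relations $\omega$, formula $\phi$ and $n \in \mathbb{N}$.

$\rightarrow_{\wedge}$-, $\rightarrow_{\vee}$-rule: see Fig. [j]

$\rightarrow_{choose}$-rule: if 1. $x \models \langle\omega\rangle_{\bowtie n}\phi \in S$ and
                 2. for some $R \in \omega$ there is a $y$ with $Rxy \in S$, and
                    $\{y \models \phi, y \models {\sim}\phi\} \cap S = \emptyset$
              then $S \rightarrow_{choose} S' \cup \{y \models \chi\}$ where $\chi \in \{\phi, {\sim}\phi\}$
                   and $S' = S - \{z \mid y \prec_S^{+} z\}$

$\rightarrow_{\geq}$-rule: if 1. $x \models \langle\omega\rangle_{\geq n}\phi \in S$, and
            2. $\sharp\omega^S(x, \phi) < n$, and
            3. no non-generating rule can be applied to a constraint for $x$
         then $S \rightarrow_{\geq} S \cup \{y \models \phi\} \cup S' \cup S''$ and set $x \prec_S y$ where
              $S' = \{y \models \chi_1, \dots, y \models \chi_k\}$, $\chi_i \in \{\psi_i, {\sim}\psi_i\}$, and
              $\{\psi_1, \dots, \psi_k\} = \{\psi \mid x \models \langle\sigma\rangle_{\bowtie m}\psi \in S\}$
              $S'' = \{R_1xy, R_1^{-1}yx, \dots, R_mxy, R_m^{-1}yx\}$ and
              $\omega \subseteq \{R_1, \dots, R_m\} \subseteq \overline{\mathcal{R}}$
              $y$ is a fresh variable

Figure 6: The completion rules for $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$.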



The set of rules dealing with the extended logic is shown in Figure 6. We require the algorithm to maintain a binary relation $\prec_S$ between the variables in a c.s. $S$ with $x \prec_S y$ iff $y$ was inserted by the $\rightarrow_{\geq}$-rule to satisfy a constraint for $x$. When considering the graph $G(S)$, the relation $\prec_S$ corresponds to the successor relation between nodes. Hence, when $x \prec_S y$ holds we will call $y$ a successor of $x$ and $x$ a predecessor of $y$. We denote the transitive closure of $\prec_S$ by $\prec_S^{+}$. For a set of variables $X$ and a c.s. $S$, we denote the subset of $S$ in which no variable from $X$ occurs in a constraint by $S - X$. The $\rightarrow_{\wedge}$-, $\rightarrow_{\vee}$- and $\rightarrow_{choose}$-rule are called "non-generating rules" while the $\rightarrow_{\geq}$-rule is called a "generating rule". The algorithm which uses these rules will be called the $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$-algorithm.

The $\rightarrow_{\geq}$-rule, while looking complicated, is a straightforward extension of the $\rightarrow_{\geq}$-rule for $\mathrm{Gr}(K_{\mathcal{R}})$, which takes into account that we also need to guess additional relations between the old variable $x$ and the freshly introduced variable $y$. The $\rightarrow_{choose}$-rule requires more explanation.

For $\mathrm{Gr}(K_{\mathcal{R}})$, the optimised algorithm generates a c.s. $S$ in a way that, whenever $x \models \langle R\rangle_{\bowtie n}\psi \in S$, then, for any $y$ with $Rxy \in S$, either $y \models \psi \in S$ or $y \models {\sim}\psi \in S$. This was achieved by suspending the generation of any successors $y$ of $x$ until $S$ contained all constraints of the form $x \models \phi$ it would ever contain. In the presence of inverse relations, this is no longer possible because $y$ might be generated as a predecessor of $x$ and hence before it was possible to know which $\psi$ might be relevant. There are at least two possible ways to overcome this problem. One is to guess, for every $x$ and every $\psi \in \mathit{clos}(\phi)$, whether $x \models \psi$ or $x \models {\sim}\psi$. In this case, since the termination of the optimised algorithm as shown in Lemma [T^ relies on the fact that the modal depth strictly decreases along a path in the induced graph $G(S)$, termination would no longer be guaranteed. It would have to be enforced by different means.

Here, we use another approach. We can distinguish two different situations where $\{x \models \langle\omega\rangle_{\bowtie n}\psi, Rxy\} \subseteq S$ for some $R \in \omega$, and $\{y \models \psi, y \models {\sim}\psi\} \cap S = \emptyset$, namely, whether $y$ is a predecessor of $x$ ($y \prec_S x$) or a successor of $x$ ($x \prec_S y$). The second situation will never occur. This is due to the interplay of the $\rightarrow_{\geq}$-rule, which is suspended until all known relevant information has been added for $x$, and the $\rightarrow_{choose}$-rule, which deletes certain parts of the c.s. whenever new constraints have to be added for predecessor variables.

$\{x \models \phi\} \rightarrow_{\wedge} \dots$
    $\rightarrow_{\wedge} \{x \models \phi, x \models \langle R_1\rangle_{\leq 0}\, q, x \models \langle R_1\rangle_{\geq 1}(p \vee q), x \models \langle R_2\rangle_{\geq 1}\langle R_2^{-1}\rangle_{\leq 0}\langle R_1\rangle_{\geq 1}\, p\}$   ($= S_1$)
    $\rightarrow_{\geq} S_1 \cup \{R_1xy, R_1^{-1}yx, y \models (p \vee q), y \models \neg q\}$   ($= S_2$)
    $\rightarrow_{\vee} S_2 \cup \{y \models p\}$   ($= S_3$)

Figure 7: Inverse roles make tracing difficult.

The first situation is resolved by non-deterministically adding either $y \models \psi$ or $y \models {\sim}\psi$ to $S$. The subsequent deletion of all constraints involving variables from $\{z \mid y \prec_S^{+} z\}$, which corresponds to all subtrees of $G(S)$ rooted at successors of $y$, is necessary to make this rule "compatible" with the trace technique we want to employ in order to obtain a PSPACE-algorithm. The correctness of the trace approach relies on the property that, once we have established the existence of a complete and clash-free "subtree" for a node $x$, we can remove this tree from memory because it will not be modified by the algorithm. In the presence of inverse relations this can no longer be taken for granted, as can be shown by the formula

$\phi = \langle R_1\rangle_{\leq 0}\, q \wedge \langle R_1\rangle_{\geq 1}(p \vee q) \wedge \langle R_2\rangle_{\geq 1}\langle R_2^{-1}\rangle_{\leq 0}\langle R_1\rangle_{\geq 1}\, p$

Figure 7 shows the beginning of a run of the algorithm for $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$. After a number of steps, a successor $y$ of $x$ has been generated and the expansion of constraints has produced a complete and clash-free subtree for $y$. Nevertheless, the formula $\phi$ is not satisfiable. The expansion of $\langle R_2\rangle_{\geq 1}\langle R_2^{-1}\rangle_{\leq 0}\langle R_1\rangle_{\geq 1}\, p$ will eventually lead to the generation of the constraint $x \models {\sim}\langle R_1\rangle_{\geq 1}\, p = \langle R_1\rangle_{\leq 0}\, p$, which clashes with $y \models p$. If the subtree for $y$ had already been deleted from memory, this clash would go undetected. For this reason, the $\rightarrow_{choose}$-rule deletes all successors of the modified node, which, while duplicating some work, makes it possible to detect these clashes even when tracing through the c.s. A similar technique has been used in [HST99] to obtain a PSPACE-result for a Description Logic with inverse roles.



5.2 Correctness of the Algorithm 

As for $\mathrm{Gr}(K_{\mathcal{R}})$, we have to show termination, soundness, and correctness of the algorithm for $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$.

5.2.1 Termination

Obviously, the deletion of constraints in $S$ makes a new proof of termination necessary, since the proof of Lemma [T^ relied on this fact. Please note that Lemma 4.2 still holds for $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$.

Lemma 5.2 (Termination)

Any sequence of rule applications starting from a c.s. $S = \{x_0 \models \phi\}$ of the $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$ algorithm is finite.

Proof. The sequence of rule applications induces a sequence of trees. As before, the depth and out-degree of this tree is bounded in $|\phi|$ by Lemma 4.2. For each variable $x$, $C(x)$ is a subset of the finite set $\mathit{clos}(\phi)$. Each application of a rule either

• adds a constraint of the form $x \models \psi$ and hence adds an element to $C(x)$, or

• adds fresh variables to $S$ and hence adds additional nodes to the tree $G(S)$, or

• adds a constraint to a node $y$ and deletes all subtrees rooted at successors of $y$.

Assume that the algorithm does not terminate. Due to the mentioned facts this can only be because of an infinite number of deletions of subtrees. Each node can of course only be deleted once, but the successors of a single node may be deleted several times. The root of the completion tree cannot be deleted because it has no predecessor. Hence there are nodes which are never deleted. Choose one of these nodes $y$ with maximum distance from the root, i.e., which has a maximum number of ancestors in $\prec_S$. Suppose that $y$'s successors are deleted only finitely many times. This cannot be the case because, after the last deletion of $y$'s successors, the "new" successors were never deleted and thus $y$ would not have maximum distance from the root. Hence $y$ triggers the deletion of its successors infinitely many times. However, the $\rightarrow_{choose}$-rule is the only rule that leads to a deletion, and it simultaneously leads to an increase of $C(y)$, namely by the missing concept which caused the deletion of $y$'s successors. This implies the existence of an infinitely increasing chain of subsets of $\mathit{clos}(\phi)$, which is clearly impossible. ■



5.2.2 Soundness and Completeness 

Lemma 5.3 (Soundness) 

Let $\phi$ be a $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$-formula in NNF. If the completion rules can be applied to $\{x_0 \models \phi\}$ such that they yield a complete and clash-free c.s., then $\phi \in \mathrm{SAT}(\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}}))$.

Proof. Let $S$ be a complete and clash-free c.s. obtained by a sequence of rule applications from $\{x_0 \models \phi\}$. We show that the canonical structure $\mathfrak{M}_S$ is indeed a model of $\phi$, where the canonical structure for $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$ is defined as in Definition 3.2. Please note that we need the condition "$Rxy \in S$ iff $R^{-1}yx \in S$" to make sure that all information from the c.s. is reflected in the canonical structure.

By induction over the norm of formulae $\|\psi\|$ as defined in the proof of Lemma 4.7, we show that, for a complete and clash-free c.s. $S$, $x \models \psi \in S$ implies $\mathfrak{M}_S, x \models \psi$. The only interesting cases are when $\psi$ starts with a modal operator.

• $x \models \langle\omega\rangle_{\geq n}\psi \in S$ implies $\sharp\omega^S(x, \psi) \geq n$ because $S$ is complete. Hence, there are $n$ distinct variables $y_1, \dots, y_n$ with $y_i \models \psi \in S$ and $Rxy_i \in S$ for each $1 \leq i \leq n$ and $R \in \omega$. By induction, we have $\mathfrak{M}_S, y_i \models \psi$ and $(x, y_i) \in \omega^{\mathfrak{M}_S}$ and hence $\mathfrak{M}_S, x \models \langle\omega\rangle_{\geq n}\psi$.

• $x \models \langle\omega\rangle_{\leq n}\psi \in S$ implies, for any $R \in \omega$ and any $y$ with $Rxy \in S$, $y \models \psi \in S$ or $y \models {\sim}\psi \in S$. For any predecessor of $x$, this is guaranteed by the $\rightarrow_{choose}$-rule, for any successor of $x$ by the $\rightarrow_{\geq}$-rule which is suspended until no non-generating rule can be applied to $x$ or any predecessor of $x$ together with the reset-restart mechanism that is triggered by constraints "moving upwards" from a variable to its predecessor.

We show that $\sharp\omega^{\mathfrak{M}_S}(x, \psi) \leq \sharp\omega^S(x, \psi)$: assume $\sharp\omega^{\mathfrak{M}_S}(x, \psi) > \sharp\omega^S(x, \psi)$. This implies the existence of some $y$ with $(x, y) \in R^{\mathfrak{M}_S}$ for each $R \in \omega$ and $\mathfrak{M}_S, y \models \psi$ but $y \models \psi \notin S$. This implies $y \models {\sim}\psi \in S$, which, by induction yields $\mathfrak{M}_S, y \models {\sim}\psi$ in contradiction to $\mathfrak{M}_S, y \models \psi$.

Since constraints for the initial variable $x_0$ are never deleted from $S$, we have that $x_0 \models \phi \in S$ and hence $\mathfrak{M}_S, x_0 \models \phi$ and $\phi \in \mathrm{SAT}(\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}}))$. ■

The following lemma combines the local and global completeness proof for the $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$-algorithm.

Lemma 5.4 (Completeness)

If $\phi \in \mathrm{SAT}(\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}}))$ in NNF, then there is a sequence of $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$-rule applications starting with $S = \{x_0 \models \phi\}$ that results in a complete and clash-free c.s.

Proof. Let $\mathfrak{M}$ be a model for $\phi$ and $\overline{\mathcal{R}}_\phi$ the set of relations that occur in $\phi$ together with their inverse. We use $\mathfrak{M}$ to guide the application of the non-deterministic completion rules by incrementally defining a function $\alpha$ mapping variables from the c.s. to elements of $W^{\mathfrak{M}}$. The function $\alpha$ will always satisfy the following conditions:

(*)   1. if $x \models \psi \in S$ then $\mathfrak{M}, \alpha(x) \models \psi$
      2. if $Rxy \in S$ then $\{R \mid Rxy \in S\} = \{R \mid (\alpha(x), \alpha(y)) \in R^{\mathfrak{M}}\} \cap \overline{\mathcal{R}}_\phi$
      3. if $y, z$ are distinct variables such that $\{R_1xy, R_2xz\} \subseteq S$, then $\alpha(y) \neq \alpha(z)$

Claim: Whenever (*) holds for a c.s. $S$ and a function $\alpha$ and a rule is applicable to $S$ then it can be applied in a way that maintains (*).

• The $\rightarrow_{\wedge}$-rule: if $x \models \psi_1 \wedge \psi_2 \in S$, then $\mathfrak{M}, \alpha(x) \models (\psi_1 \wedge \psi_2)$. This implies $\mathfrak{M}, \alpha(x) \models \psi_i$ for $i = 1, 2$, and hence the rule can be applied without violating (*).

• The $\rightarrow_{\vee}$-rule: if $x \models \psi_1 \vee \psi_2 \in S$, then $\mathfrak{M}, \alpha(x) \models (\psi_1 \vee \psi_2)$. This implies $\mathfrak{M}, \alpha(x) \models \psi_1$ or $\mathfrak{M}, \alpha(x) \models \psi_2$. Hence the $\rightarrow_{\vee}$-rule can add a constraint $x \models \chi$ with $\chi \in \{\psi_1, \psi_2\}$ such that (*) still holds.

• The $\rightarrow_{choose}$-rule: obviously, either $\mathfrak{M}, \alpha(y) \models \psi$ or $\mathfrak{M}, \alpha(y) \models {\sim}\psi$ for any variable $y$ in $S$. Hence, the rule can always be applied in a way that maintains (*). Deletion of nodes does not violate (*).

• The $\rightarrow_{\geq}$-rule: if $x \models \langle\omega\rangle_{\geq n}\phi' \in S$, then $\mathfrak{M}, \alpha(x) \models \langle\omega\rangle_{\geq n}\phi'$. This implies $\sharp\omega^{\mathfrak{M}}(\alpha(x), \phi') \geq n$. We claim that there is an element $t \in W^{\mathfrak{M}}$ such that

(**)   $(\alpha(x), t) \in R^{\mathfrak{M}}$ for each $R \in \omega$, and $\mathfrak{M}, t \models \phi'$, and
       $t \notin \{\alpha(y) \mid Rxy \in S\}$

We will come back to this claim later. Let $\psi_1, \dots, \psi_k$ be an enumeration of the set $\{\psi \mid x \models \langle\sigma\rangle_{\bowtie m}\psi \in S\}$. The $\rightarrow_{\geq}$-rule can add the constraints

$S' = \{y \models \psi_i \mid \mathfrak{M}, t \models \psi_i\} \cup \{y \models {\sim}\psi_i \mid \mathfrak{M}, t \not\models \psi_i\}$

$S'' = \{Rxy \mid R \in \overline{\mathcal{R}}_\phi, (\alpha(x), t) \in R^{\mathfrak{M}}\} \cup \{Ryx \mid R \in \overline{\mathcal{R}}_\phi, (t, \alpha(x)) \in R^{\mathfrak{M}}\}$

as well as $\{y \models \phi'\}$ to $S$. If we set $\alpha' := \alpha[y \mapsto t]$, then the obtained c.s. together with $\alpha'$ satisfies (*).

Why does there exist an element $t$ that satisfies (**)? Let $s \in W^{\mathfrak{M}}$ be an arbitrary element with $(\alpha(x), s) \in \omega^{\mathfrak{M}}$ and $\mathfrak{M}, s \models \psi$ that appears as an image of an arbitrary element $y$ with $Rxy \in S$ for some $R \in \overline{\mathcal{R}}_\phi$. Condition 2 of (*) implies that $Rxy \in S$ for any $R \in \omega$ and also $y \models \psi \in S$ must hold as follows:

Assume $y \models \psi \notin S$. This implies $y \models {\sim}\psi \in S$: either $y \prec_S x$, then in order for the $\rightarrow_{\geq}$-rule to be applicable, no non-generating rules and especially the $\rightarrow_{choose}$-rule is not applicable to $x$ and its ancestor, which implies $\{y \models \psi, y \models {\sim}\psi\} \cap S \neq \emptyset$. If not $y \prec_S x$ then $y$ must have been generated by an application of the $\rightarrow_{\geq}$-rule to $x$. In order for this rule to be applicable no non-generating rule may have been applicable to $x$ or any of its ancestors. This implies that at the time of the generation of $y$ already $x \models \langle\omega\rangle_{\geq n}\psi \in S$ held and hence the $\rightarrow_{\geq}$-rule ensures $\{y \models \psi, y \models {\sim}\psi\} \cap S \neq \emptyset$.

In any case $y \models {\sim}\psi \in S$ holds and together with Condition 1 of (*) this implies $\mathfrak{M}, s \not\models \psi$ which contradicts $\mathfrak{M}, s \models \psi$.

Together this implies that, whenever an element $s$ with $(\alpha(x), s) \in \omega^{\mathfrak{M}}$ and $\mathfrak{M}, s \models \psi$ is assigned to a variable $y$ with $Rxy \in S$, then it must be assigned to a variable that contributes to $\sharp\omega^S(x, \psi)$. Since the $\rightarrow_{\geq}$-rule is applicable there are less than $n$ such variables and hence there must be an unassigned element $t$ as required by (**).

This concludes the proof of the claim. The claim yields the lemma as follows: obviously, (*) holds for the initial c.s. $\{x_0 \models \phi\}$, if we set $\alpha(x_0) := s_0$ for an element $s_0$ with $\mathfrak{M}, s_0 \models \phi$ (such an element must exist because $\mathfrak{M}$ is a model for $\phi$). The claim implies that, whenever a rule is applicable, then it can be applied in a manner that maintains (*). Lemma 5.2 yields that each sequence of rule applications must terminate, and also each c.s. for which (*) holds is necessarily clash-free. It cannot contain a clash of the form $\{x \models p, x \models \neg p\} \subseteq S$ because this would imply $\mathfrak{M}, \alpha(x) \models p$ and $\mathfrak{M}, \alpha(x) \not\models p$. It can neither contain a clash of the form $x \models \langle\omega\rangle_{\leq n}\psi \in S$ and $\sharp\omega^S(x, \psi) > n$ because $\alpha$ is an injective function on $\{y \mid Rxy \in S\}$ and preserves all relations in $\overline{\mathcal{R}}_\phi$. Hence $\sharp\omega^S(x, \psi) > n$ implies $\sharp\omega^{\mathfrak{M}}(\alpha(x), \psi) > n$, which cannot be the case since $\mathfrak{M}, \alpha(x) \models \langle\omega\rangle_{\leq n}\psi$. ■



As a corollary of Lemma 5.2, 5.3, and 5.4 we get:

Corollary 5.5

The $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$-algorithm is a non-deterministic decision procedure for $\mathrm{SAT}(\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}}))$.

5.3 Complexity of the Algorithm 

As for the optimised algorithm for $\mathrm{Gr}(K_{\mathcal{R}})$, we have to show that the $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$-algorithm can be implemented in a way that consumes only polynomial space. This is done similarly to the $\mathrm{Gr}(K_{\mathcal{R}})$-case, but we have to deal with two additional problems: we have to find a way to implement the "reset-restart" caused by the $\rightarrow_{choose}$-rule, and we have to store the values of the relevant counters $\sharp\omega^S(x, \psi)$. It is impossible to store the values for each possible intersection of relations $\omega$ because there are exponentially many of these. Fortunately, storing only the values for those $\omega$ which actually appear in $\phi$ is sufficient.

Lemma 5.6 

The $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$-algorithm can be implemented in PSPACE.

Proof. Consider the algorithm in Figure 8, where $\Omega_\phi$ denotes all intersections of relations that occur in $\phi$. As the algorithm for $\mathrm{Gr}(K_{\mathcal{R}})$, it re-uses the space used to check for the existence of a complete and clash-free "subtree" for each successor $y$ of a variable $x$. Counter variables are used to keep track of the values $\sharp\omega^S(x, \psi)$ for all relevant $\omega$ and $\psi$. This can be done in polynomial space. Resetting a node and restarting the generation of its successors is achieved by resetting all successor counters. Please note how the predecessor of a node is taken into account when initialising the counter variables.

Since the length of paths in a c.s. is polynomially bounded in $|\phi|$ and all necessary book-keeping information can be stored in polynomial space, this proves the lemma. ■



Obviously, $\mathrm{SAT}(\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}}))$ is PSPACE-hard, hence Lemma 5.6 and Savitch's Theorem [Sav70] yield:

Theorem 5.7

Satisfiability for $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$ is PSPACE-complete if the numbers in the input are represented using binary coding.

As a simple corollary, we get the solution of an open problem in [DLNN97]:

Corollary 5.8

Satisfiability for $\mathcal{ALCNR}$ is PSPACE-complete if the numbers in the input are represented using binary coding.

Proof. The DL $\mathcal{ALCNR}$ is a syntactic restriction of the DL $\mathcal{ALCQIR}$, which, in turn, is a syntactical variant of $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$. Hence, the $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$-algorithm can immediately be applied to $\mathcal{ALCNR}$-concepts. ■



6 Conclusion 

We have shown that by employing a space efficient tableaux algorithm satisfiability of the logic $\mathrm{Gr}(K_{\mathcal{R}})$ can be decided in PSPACE, which is an optimal result with respect to worst-case complexity. Moreover, we have extended the technique to the logic $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$, which extends $\mathrm{Gr}(K_{\mathcal{R}})$ both by inverse relations and intersection of relations. This logic is a notational variant of the Description Logic $\mathcal{ALCQIR}$, for which the complexity of concept satisfiability has also been open. This settles the complexity of the DL $\mathcal{ALCNR}$ for which the upper complexity bound with binary coding had also been an open problem [DLNN97].

$\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$-SAT($\phi$) := sat($x_0$, $\{x_0 \models \phi\}$)
sat($x$, $S$):
    allocate counters $\sharp\omega^S(x, \psi)$ for all $\omega \in \Omega_\phi$ and $\psi \in \mathit{clos}(\phi)$.
    restart:
    for each counter $\sharp\omega^S(x, \psi)$:
        if $x$ has a predecessor $y \prec_S x$ and $\omega \subseteq \{R \mid Rxy \in S\}$ and $y \models \psi \in S$
        then $\sharp\omega^S(x, \psi) := 1$ else $\sharp\omega^S(x, \psi) := 0$
    while (the $\rightarrow_{\wedge}$- or the $\rightarrow_{\vee}$-rule can be applied at $x$) and ($S$ is clash-free) do
        apply the $\rightarrow_{\wedge}$- or the $\rightarrow_{\vee}$-rule to $S$.
    od
    if $S$ contains a clash then return "not satisfiable".
    if the $\rightarrow_{choose}$-rule is applicable to the constraint $x \models \langle\omega\rangle_{\bowtie n}\psi \in S$
        then return "restart with $\psi$"
    while (the $\rightarrow_{\geq}$-rule applies to a constraint $x \models \langle\omega\rangle_{\geq n}\phi' \in S$) do
        $S_{new} := \{y \models \phi'\} \cup S' \cup S''$
        where
            $y$ is a fresh variable
            $\{\psi_1, \dots, \psi_k\} = \{\psi \mid x \models \langle\sigma\rangle_{\bowtie m}\psi \in S\}$
            $S' = \{y \models \chi_1, \dots, y \models \chi_k\}$, and
            $\chi_i$ is chosen non-deterministically from $\{\psi_i, {\sim}\psi_i\}$
            $S'' = \{R_1xy, R_1^{-1}yx, \dots, R_lxy, R_l^{-1}yx\}$
            $\{R_1, \dots, R_l\}$ is chosen non-deterministically with $\omega \subseteq \{R_1, \dots, R_l\} \subseteq \overline{\mathcal{R}}_\phi$
        for each $\psi$ with $y \models \psi \in S'$ and $\sigma \in \Omega_\phi$ with $\sigma \subseteq \{R \mid Rxy \in S''\}$ do
            increment $\sharp\sigma^S(x, \psi)$
            if $x \models \langle\sigma\rangle_{\leq m}\psi \in S$ and $\sharp\sigma^S(x, \psi) > m$
                then return "not satisfiable".
        result := sat($y$, $S \cup S_{new}$)
        if result = "not satisfiable" then return "not satisfiable"
        if result = "restart with $\psi$" then
            $S := S \cup \{x \models \chi\}$
            where $\chi$ is chosen non-deterministically from $\{\psi, {\sim}\psi\}$
            goto restart
    od
    remove the counters for $x$ from memory,
    return "satisfiable"

Figure 8: A non-deterministic PSpace decision procedure for $\mathrm{SAT}(\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}}))$.

While the algorithms presented in this work certainly are only optimal from the viewpoint of worst-case complexity, they are relatively simple and will serve as the starting-point for a number of optimisations leading to more practical implementations. They also serve as tools to establish the upper complexity bound of the problems and thus show that tableaux based reasoning for $\mathrm{Gr}(K_{\mathcal{R}})$ and $\mathrm{Gr}(K_{\mathcal{R}^{-1}_{\cap}})$ can be done with optimum worst-case complexity. This establishes a kind of "theoretical benchmark" that all algorithmic approaches can be measured against.

Acknowledgments. 

I would like to thank Franz Baader, Ulrike Sattler, and an anonymous referee for valuable 
comments and suggestions. Part of this work was supported by the DFG, Project No. GR 
1324/3-1. 



References 

[AvBN98] H. Andreka, J. van Benthem, and I. Nemeti. Modal languages and bounded fragments of predicate logic. Journal of Philosophical Logic, 27(3):217-274, 1998.

[BBH96] F. Baader, M. Buchheit, and B. Hollunder. Cardinality restrictions on concepts. Artificial Intelligence, 88(1-2):195-213, 1996.

[CLN94] D. Calvanese, M. Lenzerini, and D. Nardi. A Unified Framework for Class Based Representation Formalisms. Proc. of KR-94, 1994.

[dHR95] W. Van der Hoek and M. De Rijke. Counting objects. Journal of Logic and Computation, 5(3):325-345, June 1995.

[DLNN97] F. M. Donini, M. Lenzerini, D. Nardi, and W. Nutt. The complexity of concept languages. Information and Computation, 134(1):1-58, 10 April 1997.

[Fin72] K. Fine. In so many possible worlds. Notre Dame Journal of Formal Logic, 13:516-520, 1972.

[GS96] F. Giunchiglia and R. Sebastiani. Building decision procedures for modal logics from propositional decision procedures — the case study of modal K. Proc. of CADE-13, LNCS 1104. Springer, 1996.

[HB91] B. Hollunder and F. Baader. Qualifying number restrictions in concept languages. In Proc. of KR-91, pages 335-346, Boston (USA), 1991.

[HM92] J. Y. Halpern and Y. Moses. A guide to completeness and complexity for modal logics of knowledge and belief. Artificial Intelligence, 54(3):319-379, April 1992.

[HS97] U. Hustadt and R. A. Schmidt. On evaluating decision procedures for modal logic. In Proc. of IJCAI-97, volume 1, pages 202-207, 1997.

[HST99] I. Horrocks, U. Sattler, and S. Tobies. Practical Reasoning for Expressive Description Logics. In H. Ganzinger and A. Voronkov, editors, Proceedings of the 6th International Conference on Logic for Programming and Automated Reasoning (LPAR'99), LNAI number 1705, Springer-Verlag.

[Lad77] R. E. Ladner. The computational complexity of provability in systems of modal propositional logic. SIAM Journal on Computing, 6(3):467-480, September 1977.

[OS97] H. J. Ohlbach and R. A. Schmidt. Functional translation and second-order frame properties of modal logics. Journal of Logic and Computation, 7(5):581-603, October 1997.

[OSH96] H. J. Ohlbach, R. A. Schmidt, and U. Hustadt. Translating graded modalities into predicate logic. In H. Wansing, editor, Proof Theory of Modal Logic, volume 2 of Applied Logic Series, pages 253-291. Kluwer, 1996.

[Sav70] W. J. Savitch. Relationships between nondeterministic and deterministic tape complexities. Journal of Computer and System Sciences, 4(2):177-192, April 1970.

[Sch91] K. Schild. A correspondence theory for terminological logics: Preliminary report. In Proc. of IJCAI-91, pages 466-471, 1991.

[Sch97] R. A. Schmidt. Resolution is a decision procedure for many propositional modal logics: Extended abstract. In M. Kracht, M. de Rijke, H. Wansing, and M. Zakharyaschev, editors, Advances in Modal Logic '96. CSLI Publications, 1997.

[SSS91] M. Schmidt-Schauß and G. Smolka. Attributive concept descriptions with complements. Artificial Intelligence, 48:1-26, 1991.

[Tob99] S. Tobies. A PSpace algorithm for graded modal logic. In H. Ganzinger, editor, Automated Deduction - CADE-16, 16th International Conference on Automated Deduction, LNAI 1632, pages 52-66, Trento, Italy, July 7-10, 1999. Springer-Verlag.